From 4317c8558757e2bf87be55a1e8b387988c170496 Mon Sep 17 00:00:00 2001 From: Parahub AI Date: Tue, 10 Feb 2026 11:54:25 +0000 Subject: [PATCH] fix(ssh): Fix dropbear authorized_keys by enforcing /etc/dropbear 700 perms The /etc/dropbear/ directory had 775 permissions from the build host, which caused dropbear to reject authorized_keys (SSH key auth). Dropbear requires the directory to be 700 (not group/world-writable). - chmod 700 /etc/dropbear in uci-defaults (belt and suspenders) - Bump PARAHUB_BUILD to 2 (triggers OTA autoupdate) Co-Authored-By: Claude Opus 4.6 --- files/etc/uci-defaults/99-parahub-mesh | 9 +++++++++ scripts/build.sh | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/files/etc/uci-defaults/99-parahub-mesh b/files/etc/uci-defaults/99-parahub-mesh index 712b572..6f2c748 100755 --- a/files/etc/uci-defaults/99-parahub-mesh +++ b/files/etc/uci-defaults/99-parahub-mesh @@ -56,6 +56,8 @@ GUEST_IP="10.${GUEST_O1}.${GUEST_O2}.1" PRIVATE_KEY="parahub.io" # Shared mesh SAE key — same across all Parahub nodes for auto-peering MESH_KEY="ndIPclyqSn9LaCki" +# Random root password for SSH + LuCI (unique per node) +ROOT_PASSWORD=$(head -c 128 /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 16) mkdir -p /etc/parahub cat > /etc/parahub/keys </dev/null 2>&1 + +# Ensure dropbear directory has strict permissions (required for key auth) +chmod 700 /etc/dropbear + # ============================================================================ # 4. NETWORK CONFIGURATION # ============================================================================ diff --git a/scripts/build.sh b/scripts/build.sh index 0dfcc5d..99fa2bf 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -11,7 +11,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" PROJECT_DIR="$(dirname "$SCRIPT_DIR")" OPENWRT_VERSION="${OPENWRT_VERSION:-25.12.0-rc4}" -PARAHUB_BUILD="1" +PARAHUB_BUILD="2" FIRMWARE_VERSION="${OPENWRT_VERSION}-ph${PARAHUB_BUILD}" # ============================================================================